[Snort-users] Newbie question

Jhumri Tilayia tilayia at ...125...
Tue Mar 5 17:29:11 EST 2002


Well, I assume that because it's a Network IDS, it sniffs packets. Will it 
let me (for example) write a rule that looks for certain HTTP requests, 
without specifying the whole IP packet (i.e. can it intelligently decode the 
protocol stack?). Since with TCP, a given request could be split across 
multiple packets, can it decode a whole stream (like Ethereal does)?

Thanks.
